Site icon On DarkNet – Dark Web News and Analysis

The CIA’s dark web site could pose a risk to potential leakers, a hacker questioned

In last article, "ODN" introduced a dark web mirror created by the CIA for its official website(https://cia.gov).A Tor-based dark web.onion site, and advertised it in Russian on Instagram (https://instagram.com/p/CdDo1_QMCLe/) to advertise and call on Russians with information to contact them.

But according to hacker and cybersecurity expert Nathan Fain (https://nathanfain.com/), who technically analyzes this CIA dark web site could be a risk for users to expose themselves. Nathan Fain tweeted (https://twitter.com/nathanafain) the following reasons.

1: The CIA form requires an email address. CIA may expose the source of the outgoing email if it responds.
2: the website does not have file uploads and the risk of using email is greater.
3: CIA does not set up secure communication channels like other websites (similar to securedrop, NYT, wapo, wikileaks, etc.)
4: The onion website provided by CIA is the mirror of its official website(https://cia.gov), which is a full 5MB in size,, and can easily be fingerprinted from the traffic.

In addition, securedrop, nyt, wapo, wikileaks have and set up a secure HTTPS-based communication layer on their Tor-based darknet.onion sites. This means that as a file leaker, users can communicate in one location with encrypted two-way communication, thus reducing concerns about exposure through other communications.

Nathan Fain explains specifically as follows.

The CIA's darknet.onion site has a "Report Information" page, but the "ONLINE FORM" is just a form consisting of a few text boxes, but without the most basic file upload function. If a leaker wanted to upload a file, presumably the CIA would prefer to use email, but that would lead to a huge source hazard.

The CIA's darknet .onion site is just the main site (http://cia.gov), and the response to a request to access it is about 5MB (39 requests were sent, totaling 4.55MB, as tested by "ODN"). And the access through .onion is the same. Therefore, it is possible that Russian ISP operators monitor encrypted traffic of this size to find potential compromisers.

"ODN" believes that Nathan Fain's analysis is still valid, and that the most secure way for the CIA to do this is to set up a securedrop submission site on the dark web and configure that site with an SSL certificate based on the onion domain.

Exit mobile version